Re: Unwanted share access despite security settings

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 07/28/04


Date: Wed, 28 Jul 2004 20:40:39 GMT

User credentials do not have to be domain based for access to a domain resource.
Internet hackers are able to access domain resources all the time through no or
poorly configured firewalls without using a domain account and why - they first get a
username, maybe administrator, and then guess/obtain a weak or blank password. I use
my non-domain laptop to access my domain shares.

The part about a user gaining access with the same local account name but one has a
password and one doesn't makes no sense. My guess is the share is mapped with
persistent credentials OR he is using XP stored credentials which can be deleted. I
suggest you enable minimum password lengths in your domain and also password
complexity. For the user in question, reset his password in AD Users and Computers
and log on as him on that XP computer with his local account that has a blank password.
I would bet you cannot access the share anymore - at least as him. I question giving
everyone full control to any folder, even though I don't think that is the issue. You
might consider giving administrators and system full control and your group modify
permissions.

-- Steve

http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prdp_log_vkxx.asp

"Titus van Houwelingen" <titusnntp@hotmail.com> wrote in message
news:410800af$0$62379$5fc3050@dreader2.news.tiscali.nl...
> Hello,
>
> I have a share on a W2K Advanced server with active directory.
> Permissions on the share are for a group ABC (defined in Active Directory).
> NTFS security is full access for 'everyone'.
>
> A user MrX belongs to group ABC.
>
> When MrX logs on LOCALLY on an NT4 machine and this local account has the same
> username/password he can access the share. I think this shouldn't be
> possible because the group is a domain group. And no explicit access for
> MrX has been defined on the share, only the ABC group. Nothing else.
>
> It gets worse: when he uses WinXP professional, and he has a LOCAL account
> with the same name but with an EMPTY password, he gets access to the share
> when he logs on LOCALLY!
>
> The guest account is disabled.
>
> I must be doing something stupid. Can anyone please tell me what could be
> the problem?
>
> Thanks in advance,
> Titus


